Cyber Security News / Infrastructure:Electric,Gas & Water
Cyber Security -- Critical Infrastructure

Cyber Espionage Firms Targeting Critical Infrastructure

Dell SecureWorks researchers have discovered a cyber espionage campaign targeting several large companies, including two in the energy sector, according to an article in Computer Weekly.

The campaign, dubbed Mirage, targeted an oil company in the Philippines, an energy firm in Canada, a military organization in Taiwan and other unidentified targets in Brazil, Israel, Egypt and Nigeria, the article says. 

This is the second cyber espionage campaign to be uncovered this year by the Counter Threat Unit (CTU) of security firm Dell SecureWorks. The first campaign, dubbed Sin Digoo, targeted petroleum companies in Vietnam, government ministries in different countries, an embassy, a nuclear safety agency and other business related groups, Computer Weekly reports.

The Dell SecureWorks researchers believe that either the same group is behind both campaigns, or whoever is responsible for Mirage is working closely with those behind Sin Digoo, the article says. Three command and control domain names in the Mirage campaign are owned by someone using the same email addresses as the owner of several C&C domains that were used in the Sin Digoo campaign.

The command and control IP addresses belong to the China Beijing Province Network (AS4808), said researchers. The China Beijing Province Network is known for connections to malware and espionage, the article says. The security researchers said the Mirage malware avoids detection by disguising its command and control communications as Google searches by using SSL communications and a similar URL pattern to that of a Google Search.

According to testing site Virus Total, only half of the major anti-virus scanners detected Mirage, the article reports.

The victims of the Mirage campaign are being infected by “spearphishing” emails containing a malicious executable. Clicking on the attachment drops a pdf, along with the executable, Computer Weekly reports.

One of the spearphishing emails used in this campaign contained a pdf of a news story titled “Yemeni Women can participate in politics just like men, says President Saleh.”

Energy companies, along with pharmaceutical and high-tech industries, are the most common targets of these advanced persistent threat campaigns, says Don Smith, technology director at Dell SecureWorks, in the article.

“But we are seeing other industries now being targeted, and all businesses should ask themselves just how confident they are that their cyber security regime minimizes the risks of attack, but I would say very few in my experience,” he tells the Gartner Security & Risk Management Summit 2012 in London, as reported in the article.

Researchers at Dell SecureWorks have identified more than 580 separate families of malware what are related to targeted advanced persistent attacks, the article says. In the face of this new breed of attacks, Smith says organizations should ensure they had a layered approach to security.

“There is no silver bullet to deal with these attacks which is why businesses need to have protections at all levels,” he says in the article. Organizations need to understand the threat landscape, who is likely to attack them and why, says Smith, so they can prepare accordingly.

Where possible, he says in the article, this should include a forensic capability so that in the event of an attack, an organization can identify exactly what went wrong.

“Information security professionals must talk to the business executives to find out what they are most worried about losing and create an informed security strategy based on that,” says Smith.

Did you enjoy this article? Click here to subscribe to Security Magazine. 

You must login or register in order to post a comment.



Image Galleries

ASIS 2013 Product Preview

ASIS International 59th Annual Seminar and Exhibits, September 24-27 in Chicago, Illinois, will include an exhibit hall packed with innovative security solutions. Here are some of the products that will be shown at ASIS this year.


Virtualization and Data Center Security: What You Need to Know for 2014

Data centers are increasingly becoming the center of the enterprise, and data center and cyber security is following the same path for security departments. According to Justin Flynn, a consultant at the Burwood Group, the virtualization of data centers allows enterprises to scale more easily and faster, with a smaller footprint.

However, hosting enterprise data in the cloud can make intrusion detection more difficult – how can enterprise security leaders team up with other departments to keep aware of cyber risks and traffic, and physical and data compliance during the virtual transition? How can CISOs and CSOs discuss cyber threats with the C-Suite to get the resources they need? And how can the proper infrastructure test and verify possible malicious attacks? 

More Podcasts

Security Magazine

Security June 2015 issue cover

2015 June

In this June 2015 issue of SecurityIs the security director business’s new “corporate rock star?” Find out how CSOs can become the new leaders of their enterprises through mentorships, partnerships and creatively adding business value. Also, learn how security professionals are training employees in cyber security through games. And why are deterrence and detection so important when it comes to thwarting metal thieves? Find out in this issue.

Table Of Contents Subscribe

Body Cameras on Security Officers

Body cameras are being used increasingly by police in cities across the U.S. Will you arm your security officers with a body camera?
View Results Poll Archive


Effective Security Management, 5th Edition.jpg
Effective Security Management, 5th Edition

 Effective Security Management, 5e, teaches practicing security professionals how to build their careers by mastering the fundamentals of good management. Charles Sennewald brings a time-tested blend of common sense, wisdom, and humor to this bestselling introduction to workplace dynamics. 

More Products

Clear Seas Research

Clear Seas ResearchWith access to over one million professionals and more than 60 industry-specific publications,Clear Seas Research offers relevant insights from those who know your industry best. Let us customize a market research solution that exceeds your marketing goals.


Facebook 40px 2-12-13 Twitter logo 40px 2-12-13  YouTube  LinkedIn logo 40px 2-12-13Google+

Vertical Sector Focus: Critical Infrastructures

criticalhomepagethumbFrom terrorism to vandalism, it’s preparedness, response, training and partnerships. Learn about some of the critical security issues facing this sector.

Visit the Critical Infrastructure page to read more.